Analysis

  • max time kernel
    48s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20230220-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    26/04/2023, 12:30 UTC

General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.20743.26598.exe

  • Size

    859KB

  • MD5

    a1beddb06d1826829f7ff5f86e3fd9c0

  • SHA1

    9f2562a5e1f702b11183df715e71ff77e0284d41

  • SHA256

    44a297e5ccf344c0422f4f80b2c490f2650bf44c142f131378b2eb6a6507bc9b

  • SHA512

    3bafe9bde27096fe04ea1b8a4e4e543c51f20902505988d4c68476c192109362ccc86b59bac82c179fcb8d6f4c2f3d561706a5441378997d1968d5ab286c22cb

  • SSDEEP

    12288:899/9WflU/9XxworMzl5mWhm+DvuL4lZQbcRiv1Gnt2vJa+4pgexi:8/ylUFMmW/Dv5DQ714YaFpxi

Malware Config

Extracted

  • Family
    formbook
  • Version
    4.1
  • Campaign
    gtt8
  • Decoy
    thesuccessbot.com
    rittercivil.com
    jt1.fun
    d365extension.com
    quqoxeq.top
    visittworiverswi.com
    bfprotienda.com
    greenhabitsph.com
    ladmere.com
    clockboutiques.com
    minwart.xyz
    xinyuejiancai.online
    eggsl.com
    fetchingcandles.com
    skywatiniya.com
    hinkley.news
    realityonlineenterprises.com
    teamcroissant.com
    esfera-pv.ch
    herdadedosmontesbastos.com

Signatures

  • Formbook

    Formbook is a data-stealing malware family.

  • Formbook payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.20743.26598.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.20743.26598.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.20743.26598.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.20743.26598.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:688

Network

MITRE ATT&CK Matrix

Downloads

  • memory/688-60-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize: 188KB)
  • memory/688-61-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize: 188KB)
  • memory/688-63-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize: 188KB)
  • memory/688-62-0x000000007EFDE000-0x000000007EFDF000-memory.dmp (Filesize: 4KB)
  • memory/688-64-0x00000000008B0000-0x0000000000BB3000-memory.dmp (Filesize: 3.0MB)
  • memory/2008-54-0x0000000000F80000-0x000000000105E000-memory.dmp (Filesize: 888KB)
  • memory/2008-55-0x0000000000420000-0x0000000000460000-memory.dmp (Filesize: 256KB)
  • memory/2008-56-0x0000000000A50000-0x0000000000A62000-memory.dmp (Filesize: 72KB)
  • memory/2008-57-0x0000000000AC0000-0x0000000000ACC000-memory.dmp (Filesize: 48KB)
  • memory/2008-58-0x0000000005220000-0x0000000005290000-memory.dmp (Filesize: 448KB)
  • memory/2008-59-0x00000000047A0000-0x00000000047D8000-memory.dmp (Filesize: 224KB)
